MOSCOW, September 26 (RIA Novosti) – A security flaw dubbed “Shellshock” may affect a large number of web-connected devices, web servers, and web-powered services that run on Linux. Experts describe it as an even more serious bug than another recently discovered flaw, “Heartbleed”, because it allows hackers to take over remote computers.
The flaw has been found in a software component known as Bash (short for Bourne-again shell), a default shell on Linux systems and Apple’s Mac operating system; it has also affected Microsoft Windows.
The bug is therefore seen as more serious, because many web servers use software that includes the Bash Unix shell component.
Rough estimates put the number of computers worldwide that are vulnerable to Heartbleed at some 500,000; the number that could be hit by Shellshock could potentially reach 500 million.
According to the Independent, the “severity of Shellshock has been recognized by even the US government, with the US Department of Homeland Security releasing a warning about the bug and providing patches to fix affected servers”.
"Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system. The door's wide open," Prof. Alan Woodward, a security researcher from the University of Surrey, told the BBC.
Some security experts, however, argue that the effect of the bug would be minimal, as it ranks 10 on a scale of vulnerability and is not a top priority for hackers.